
iPhones cannot send emails (but can receive just fine). Trying to get sending emails to work.

With our iPhones connected to our home XG network, we cannot send emails (but we do receive emails just fine). What can I do so we can send emails?

If I connect to my VPN, use LTE or use my work Wifi, my iPhone can send emails just fine. 

I have a pretty much "out of the box" XG setup and this is a recent XG installation.

This is the message on the iPhone that we get when we try to send from our home network with XG firewall:

  



  • If I turn off the red circled rule in picture below, then the test emails are now able to send! 

     

     

     

    What should I do now so that my system is secure but still allows my desired emails to go in and out of the firewall?

  • Hua Lin,

    Hau Lin said:
    What should I do now so that my system is secure but still allows my desired emails to go in and out of the firewall? 

    Well, this is up to you.  But first, you need to understand that most web servers now communicate with clients through encryption.  The servers of Google, Facebook, Apple, Amazon, Wikipedia, and your Email provider use encrypted communication.  Even this Sophos site is using encryption.

    This is great in that it secures the communication between server and your device, but it is also bad for managing network security.  By default, the XG Firewall and the firewalls of other vendors do not scan encrypted traffic.  They only scan unencrypted traffic.  Your firewall can still read the header of encrypted packets to ensure an application/service isn't sending data to a bad site and to prevent a malicious site from sending data in.  Your firewall can't read the data in the encrypted packets, so malware can still bypass your firewall as it often does from your email server to your email client.

    In most networks today, encrypted traffic isn't scanned until it reaches an end point.  Today, End Point security does more scanning of traffic than firewalls.  Because of this, you have three options for your XG Firewall: 1. Set your firewall to decrypt and scan your traffic.  2. Allow encrypted data to pass and use the XG Firewall to manage traffic in other ways.  3. Coordinate your firewall with your End Points.

    Regardless of the brand of firewall one chooses, most people end up doing Option 2 by default without knowing it.  I've walked into many costly projects and found where experts thought they were scanning all traffic, but they were only scanning unencrypted traffic.  Even if you know about this issue, Option 1 is difficult and time-consuming to deploy, even for those who do it every day.  Option 3 is a rare option. Sophos is one of the few companies that provides Synchronized Security, and Sophos makes it very easy to deploy and manage.

    For now, I recommend you focus on Option 2 as it is easy to do. Option 2 has two steps.  The first step is to deploy a good reliable End Point protection on your End Points.  Sophos Home is a good option, but you can use whatever vendor you like.  The second step is to set up the other security functions of your firewall (Intrusion Prevention, Web Filtering, Application Control, and Secure Wi-Fi).  These functions will prevent unwanted traffic from crossing your firewall, so you can eliminate a lot of unnecessary traffic from potentially bringing in malware or sending out your data.  Which functions you choose and their settings are dependent upon your tastes and needs.  Sophos Secure Wi-Fi requires the purchase of Wi-Fi Access Points from Sophos.  Secure Wi-Fi Access Points use your XG Firewall as a controller to coordinate security and ensure that guest devices and your own mobile devices don't release malware when they connect to your network behind the firewall.

    If you want to do Option 3, it's easy. You can add Option 3 at any time.  You just need to purchase End Point Protection or Intercept X which comes with End Point Protection.  Option 3 will include all the settings you deployed in Option 2 with the exception that you will replace the end point security on your end points.  End Point Protection will coordinate with your XG Firewall through Sophos Central.

    I hope this helps.